CVE-2009-0677

avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array.

Publication date: Mon, 23 Feb 2009 04:30:00 +0000

Cyber News related to CVE-2009-0677

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago

CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago

CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
55 years ago Tenable.com

CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
5 years ago

CVE-2009-0677 - avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by ...
6 years ago

CVE-2020-0756 - An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a ...
3 years ago

CVE-2020-0748 - An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a ...
3 years ago

CVE-2020-0755 - An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a ...
3 years ago

CVE-2020-0675 - An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a ...
3 years ago

CVE-2020-0676 - An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a ...
3 years ago

CVE-2020-0677 - An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a ...
3 years ago

CVE-2021-0677 - In ccu driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05827154; Issue ...
3 years ago

CVE-2005-0677 - index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter. ...
16 years ago

CVE-1999-0677 - The WebRamp web administration utility has a default password. ...
16 years ago

CVE-2003-0677 - Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to cause a denial of service (CPU consumption or reboot) via a large number of TCP SYN packets to the circuit IP address, aka "ONDM Ping failure." ...
16 years ago

CVE-2010-0677 - SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter. ...
14 years ago

CVE-2013-0677 - The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file. ...
11 years ago

CVE-2016-0677 - Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. ...
8 years ago

CVE-2004-0677 - Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote attackers to cause a denial of service (temporary hang) via the cd command with an unusual argument, possibly due to multiple leading slashes and/or an access to the floppy drive ...
7 years ago

CVE-2014-0677 - The Label Distribution Protocol (LDP) functionality in Cisco NX-OS allows remote attackers to cause a denial of service (temporary LDP session outage) via LDP discovery traffic containing malformed Hello messages, aka Bug ID CSCul88851. ...
7 years ago

CVE-2012-0677 - Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist. ...
7 years ago

CVE-2008-0677 - SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action. ...
7 years ago

CVE-2001-0677 - Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the "Attachment Converted" MIME header, which sends the file when the email is forwarded to the attacker by the user. ...
7 years ago

CVE-2000-0677 - Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable. ...
7 years ago

CVE-2007-0677 - PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter. ...
6 years ago

Latest Cyber News

BadPilot Attacking Network Devices To Expand Russian Seashell Blizzard's Attacks - 37 minutes ago
CrowdStrike Falcon Sensor for Linux TLS Vulnerability Enabling MiTM Attack - 2 hours ago
Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords - 3 hours ago
PAN-OS Vulnerability Let Attackers Bypass Web Interface Authentication - 4 hours ago
Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely - 4 hours ago
Japan Goes on Offense With New 'Active Cyber Defense' Bill - 5 hours ago
zkLend loses $9.5M in crypto heist, asks hacker to return 90% - 7 hours ago
Surge in attacks exploiting old ThinkPHP and ownCloud flaws - 8 hours ago
Trump to Nominate Ex-RNC Official as National Cyber Director - 8 hours ago
Cybercrime evolving into national security threat: Google | The Record from Recorded Future News - 8 hours ago
Ransomware attack disrupting Michigan's Sault Tribe operations | The Record from Recorded Future News - 9 hours ago
Feds Sanction Russian Hosting Provider Over LockBit Attacks - 11 hours ago
Sarcoma ransomware claims breach at giant PCB maker Unimicron - 11 hours ago
US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News - 12 hours ago
DPRK hackers dupe targets into typing PowerShell commands as admin - 12 hours ago
Ivanti fixes three critical flaws in Connect Secure & Policy Secure - 13 hours ago
How to Track Advanced Persistent Threats (APT) Using Threat Intelligence Lookup Tool - 14 hours ago
BadPilot network hacking campaign fuels Russian SandWorm attacks - 14 hours ago
Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally - 14 hours ago
CVE-2025-1207 - 14 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

BadPilot Attacking Network Devices To Expand Russian Seashell Blizzard's Attacks - 37 minutes ago
CrowdStrike Falcon Sensor for Linux TLS Vulnerability Enabling MiTM Attack - 2 hours ago
Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords - 3 hours ago
PAN-OS Vulnerability Let Attackers Bypass Web Interface Authentication - 4 hours ago
Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely - 4 hours ago
Japan Goes on Offense With New 'Active Cyber Defense' Bill - 5 hours ago
zkLend loses $9.5M in crypto heist, asks hacker to return 90% - 7 hours ago
Surge in attacks exploiting old ThinkPHP and ownCloud flaws - 8 hours ago
Trump to Nominate Ex-RNC Official as National Cyber Director - 8 hours ago
Cybercrime evolving into national security threat: Google | The Record from Recorded Future News - 8 hours ago
Ransomware attack disrupting Michigan's Sault Tribe operations | The Record from Recorded Future News - 9 hours ago
US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News - 12 hours ago
BadPilot network hacking campaign fuels Russian SandWorm attacks - 14 hours ago
Ivanti fixes three critical flaws in Connect Secure & Policy Secure - 13 hours ago
DPRK hackers dupe targets into typing PowerShell commands as admin - 12 hours ago
Sarcoma ransomware claims breach at giant PCB maker Unimicron - 11 hours ago
How to Track Advanced Persistent Threats (APT) Using Threat Intelligence Lookup Tool - 14 hours ago
Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally - 14 hours ago
Feds Sanction Russian Hosting Provider Over LockBit Attacks - 11 hours ago
CVE-2023-40721 - 1 day ago